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DETAILED ACTION 

Terminal Disclaimer 

The terminal disclaimer filed on 20 December 2006 disclaiming the terminal portion of 
any patent granted on this application which would extend beyond the expiration dates of the full 
statutory term of the patent granted on pending reference Application Number 10/1 17,868 has 
been reviewed and is accepted. The terminal disclaimer has been recorded. 

Examiner's Amendment 

An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this Examiner's Amendment was given in a telephone interview with AN 
Mireshghi (Reg. No. 58,726) on 18 November 2008. 

This application has been amended as follows: 

IN THE CLAIMS 
Cancel claim 2 and 36. 

Replace claims 1,16, 30, 32 and 34 with the following clean copies . 
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Claim 1: 

A method comprising: 

performing, in a first service access provider, operations including, 

receiving an access request from a client access device, the access request 
requesting access to a network, wherein a user associated with the client access device 
is a subscriber of a second service access provider; 

establishing a communications link with the client access device to authenticate 
and authorize the user, including delivering an agent to the client access device, the 
agent operable to identify the client device configuration; 

receiving client device configuration data from said delivered agent over the 
communications link during an authentication and authorization exchange, wherein the 
client device configuration data includes security setting status data received from 
executables operating on the client device; 

transmitting the client device configuration data destined for the second service 
access provider, wherein the second service access provider is operable to process the 
client device configuration data and selectively grant the client access device access to 
the network based upon the client device configuration data; and 

receiving an indication about whether the client access device is granted access 
to the network, the indication originating from the second service access provider. 



Claim 16: 

A system to verify configuration data of a client access device requesting access to a 
packet-switched computer network, the system comprising: 
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a first service access provider, coupled to the packet-switched computer network, to 
establish a communications link to the client access device, including delivering an agent to the 
client access device, the agent operable to identify the client device configuration, via the packet 
switched computer network to receive, from the client access device, authentication information 
for a user associated with the client access device and to receive the client device configuration 
data from said delivered agent over the communications link during an authentication and 
authorization exchange, wherein the client device configuration data includes security setting 
status data received from executables operating on the client device; and 

a second service access provider to receive said authentication information and said 
client device configuration data from the first service access provider, to process the 
configuration data, to selectively grant the client access device access to the network based 
upon the configuration data, and to originate an indication whether the client access device is 
granted access to the network; and wherein the client access device is a subscriber of the 
second service access provider. 

Claim 30: 

A machine readable storage medium storing a set of instructions that, when executed by 
a machine, cause the machine to: 

perform, in a first service access provider, following operations: 

receiving an access request from a client access device, the access request 
requesting access to a network, wherein a user associated with the client access device 
is a subscriber of a second service access provider; 

establishing a communications link with a client access device including 
delivering an agent to the client access device, the agent operable to identify the client 
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device configuration to authenticate and authorize the user associated with the client 
access device; 

receiving client device configuration data from said delivered agent over the 
communications link during an authentication and authorization exchange, wherein the 
client device configuration data includes security setting status data received from 
executables operating on the client device; 

transmitting the client device configuration data destined for the second service 
access provider, wherein the second service access provider is operable to process the 
client device configuration data and to selectively grant the client access device access 
to the network based upon the client device configuration data; and 

receiving an indication about whether the client access device is granted access 
to the network, the indication originating from the second service access provider. 

Claim 32: 

A method to manage access to a network from a client access device, the method 
comprising: 

requesting access to the network, the requesting involving a first service access provider 
and a second service access provider; 

authenticating a user associated with the client access device in an authentication and 
authorization exchange, at the first service provider, involving an agent delivered to the client 
access device, said delivered agent operable to identify the client device configuration data, 
wherein the user is a subscriber of the second service access provider; 

communicating client device configuration data to the second service access provider 
via said delivered agent, wherein the client device configuration data includes security setting 
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status data received from executables operating on the client device; 

processing the configuration data, by the second service access provider, and 

if the user is authenticated and the verification response from the second service access 

provider indicates acceptance of the client device configuration data accessing the network via 

the first service provider, receiving a verification response from the second service access 

provider via the first service access provider. 

Claim 34: 

A machine readable storage medium storing a set of instructions that, when executed by 
a machine, cause the machine to: 

request, from a first service access provider, access to a network, the requesting 
involving a first service access provider and a second service access provider; 

authenticate and authorize a user associated with the request in an authentication and 
authorization exchange, at the first service provider, involving an agent delivered to the client 
access device, said delivered agent operable to identify the client device configuration data, 
wherein the user is a subscriber of the second service access provider; 

communicate client device configuration data to the second service access provider via 
said delivered agent, wherein the client device configuration data includes security setting status 
data received from executables operating on the client device; 

process the configuration data, by the second service access provider, 

receive a verification response from the second service access provider via the first 
service access provider; and 
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if the user is authenticated and the verification response from the second service access 
provider indicates acceptance of the client device configuration data, access the network via the 
second service provider. 

Allowable Subject Matter 
Claims 1 and 3-35 are allowed. 

The following is an examiner's statement of reasons for allowance: 
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of 
record fails to teach or render obvious the claimed limitations in combination with the specific 
added limitations recited in claims 1,16, 30, 32 and 34 (& associated dependent claims). 

The present invention is directed to a method a method performing, in a first service 
access provider, operations including, receiving an access request from a client access device, 
the access request requesting access to a network, wherein a user associated with the client 
access device is a subscriber of a second service access provider. The closest prior arts on the 
record, either singularly or in combination fails to anticipate or render obvious the claimed 
invention of establishing a communications link with the client access device to authenticate and 
authorize the user, including delivering an agent to the client access device, the agent operable 
to identify the client device configuration data; receiving client device configuration data from the 
agent over the communications link during an authentication and authorization exchange, 
wherein the client device configuration data includes security setting status data received from 
executables operating on the client device; transmitting the client device configuration data 
destined for the second service access provider, wherein the second service access provider is 
operable to process the client device configuration data and selectively grant the client access 
device access to the network based upon the client device configuration data. 
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Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the 
issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons 
for Allowance." 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Longbit Chai/ 

Longbit Chai Ph.D. 
Patent Examiner 
Art Unit 2131 
11/19/2008 



